Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

Tuesday, November 8, 2016 – Election Day

• An emeritus professor in Rochester, New York, pleaded guilty
November 4 for allegedly concealing $200 million worth of assets from the U.S.
Internal Revenue Service in offshore accounts at a Zurich, Switzerland-based
bank. – Bloomberg See item 2 below in the Financial Services Sector

• Highway 99 in Modesto, California, was closed for more than 14
hours November 5 while crews worked to clean up roughly 8,000 gallons of
gasoline and diesel fuel that spilled after a fuel tanker veered off the
roadway and overturned. – Modesto Bee

8. November 5, Modesto
Bee – (California) Highway 99 gas tanker crash snarls Modesto traffic,
lanes reopen 14 hours later. Both directions of Highway 99 in Modesto,
California, were closed for more than 14 hours November 5 while crews worked to
clean up roughly 8,000 gallons of gasoline and diesel fuel that spilled after a
fuel tanker veered off the roadway and overturned. The accident remains under
investigation and the driver of the tanker truck was transported to an area
hospital.

• Officials from Greenville Health System’s Carolina Cardiology
Consultants announced November 4 that it notified around 2,500 patients of a
potential data breach after the patients’ records were improperly downloaded by
a former employee of Ambucor Health Solutions. – Greenville Upstate Business
Journal

16. November 4,
Greenville Upstate Business Journal – (South Carolina) Data breach
affects 2,500 GHS patients. Officials from Greenville Health System’s
Carolina Cardiology Consultants announced November 4 that it notified around
2,500 patients of a potential data breach after the patients’ records
containing personal information were improperly downloaded by a former employee
of Ambucor Health Solutions, a company providing remote-monitoring services for
cardiac devices. Ambucor officials did not believe the personal data was
misused.

• Authorities are investigating the cause of an apartment fire in
Salt Lake City that injured 3 people, displaced 40 others, and caused an
estimated $300,000 in damages November 7. – KSTU 13 Salt Lake City

2. November 4, Bloomberg –
(International) Credit Suisse said to hold accounts for latest U.S. tax
felon. An emeritus professor in Rochester, New York, pleaded guilty
November 4 for allegedly concealing $200 million worth of assets from the U.S.
Internal Revenue Service through offshore accounts at a Zurich,
Switzerland-based bank, and filing false tax returns from 2008 – 2014 that
failed to disclose his earnings from his Swiss bank accounts. The professor
agreed to pay the U.S. Government a $100 million penalty for neglecting to file
Reports of Foreign Bank and Financial Accounts (FBARs) until 2011, including
fraudulent ones from 2012 – 2013. Source: http://www.bloomberg.com/news/articles/2016-11-04/ex-professor-pleads-guilty-to-hiding-200-million-from-irs

Information Technology Sector

19. November 7,
SecurityWeek – (International) Critical privilege escalation flaws found
in MySQL. Oracle Corporation released updates for its MySQL database
management systems after a security researcher discovered an arbitrary code
execution flaw and race condition issue in MySQL that a malicious actor could
chain together to escalate privileges to root and fully compromise a targeted
system. Percona released an update for its Percona Server for MySQL and Percona
XtraDB cluster to address the same vulnerabilities in its software, and MariaDB
released a patch for the race condition flaw in its software.

20. November 5,
SecurityWeek – (International) Android spyware targets executives. Security
researchers form Skycure discovered an Android spyware, dubbed Exaspy could be
leveraged to access a victim’s chats and messages, record audio during calls or
in the background, take screenshots, and collect contact lists and call logs,
among other malicious actions. The researchers found that the malware required
physical access to a targeted device for installation, and once installed, the
app runs under the name Google Services, disguising itself as the legitimate
Google Play Services. Source: http://www.securityweek.com/android-spyware-targets-executives

Links

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"